First, right-click in an open area of your desktop and select New, Folder; give the new folder a name (something like HJT or HijackThis), and then drag the hijackthis.exe icon that is on your desktop into the new folder.

I don't see the typical entries in your log for Aurora, but maybe you've partially fixed it. Just in case, do this...

I want to mention also, that yesterday I deleted some application files myself that I thought were maybe contributing to this mess. Here are the Application Files I deleted that have the same modified date as the day I picked this thing up on my computer.

I'm sure I've gotten rid of some things, however, I keep getting pop-ups and icons appearing on my desktop and Favorites in IE. Today my virus checker hasn't picked these "pests" up as it was previously doing over and over and over.... (so hopefully these are gone):

Double-click rkfiles.bat
It will scan for a while, so please be patient.
Wait for the DOS window to close, and then reboot back to normal mode.

Post the contents of C:\log.txt in your next reply.

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

Go to Start, Run, and type in cleanmgr, and then click OK. Select the drive XP is on, and check the boxes for Downloaded Program Files (move any files you wish to keep out of this folder first), Temporary Internet Files, Recycle Bin, Temporary Files, Temporary Offline Files, Offline Files, (and Compress old files & Catalog files for the Content Indexer if you wish), and then click OK. Click Yes to confirm you want these files deleted. It may take awhile for this to run, please be patient.

Note: if any of these temporary files cannot be deleted while in normal mode, try Safe Mode.

Run at least two of these free online anti-virus/anti-spyware scans and have them clean what they can:

When I tried the step with "rkfiles.bat" it didn't really do anything. It briefly flashed a DOS Mode window, but it flashed so fast, I couldn't read it. I did it a couple of times, with the same result each time. Therefore, I have no rkfiles log.

I did perform the other steps and here is my new Hijack This log. I am still getting icons appearing on my desktop as well as in my internet favorites. I get a pop up every now and then too.

Also, I have something running, bogging down my computer. When I check out my task manager processes, there are one of two things running: SVCHOST.exe and/or UPDATE.exe. It's taking quite a bit of CPU Usage. Is this related to the virus??

1. rkfiles doesn't give you any feedback when it creates its log, it just makes a log file in your main C:\ folder called "log.txt". Open the log.txt file in Notepad and copy the contents into a post here.

2. svchost.exe is a valid Windows system file which manages other groups of Windows components. Because of that, it isn't unusual to see multiple instances of svchost running, or to see one instance of it spike your CPU usage.
Update.exe could be legit, but it's a common filename and could be part of your adware infections.

4. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- Delete the following files:
C:\WINDOWS\System32\PSof1.exe
C:\WINDOWS\System32\hjharl.exe

- Delete the following folder entirely:
C:\Program Files\Cas

- For every user account listed under C:\Documents and Settings, delete the entire contents of the following folders (but not the folders themselves):

(Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!)

Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Empty your Recycle Bin.

- Reboot normally.

5. Run HijackThis again and post a new log. Also let us know what (if any) visible signs of infection may still exist.

Here is the RK Files Log: (there's not much to it) It doesn't take awhile to scan as you previously stated it would. It briefly flashes DOS then it's over.

C:\Documents and Settings\mmilligan\Desktop\RKfiles

Ok, the hjharl.exe file keeps coming back. When I went into Safe mode (after fixing it with Hijack this) and tried to delete it, it denied me access. So I tried running Hijack this in Safe mode to get rid of it. Once I rebooted, it was back. Then I ran Hijack This AGAIN, and it came back AGAIN. Stubborn little critter.

I did what you directed me to and the hjharl.exe showed up a couple more times in the Hijack This log, but not in my Windows/System32 folder. I fixed it with Hijack a couple more times and it appears to be gone now. I'm going to reboot and see if it comes back. I think we may have kicked its rear end. I'll let you know right away.

It's back in my Hijack This log, however it's not in my Windows\System32 Folder.

The settings you made in Safe Mode to have Explorer show hidden files and folders don't carry over when you reboot into normal mode. Repeat the steps below and see if hjharl.exe becomes visible. Let us know the result:

Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

Let's try this another way. You will need to print out these instructions or save them into a text file:

2. Download The Pocket Killbox and save it someplace convenient (your desktop is fine). Again, don't run the program yet.

3. Reboot into Safe Mode again and set Explorer's view settings to show hidden files/folders.

4. Run HijackThis again and have it fix: O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run

5. Disable System Restore:

- Right-click on the My Computer icon on your desktop and choose the "Properties" option.

- In the System Properties window, click on the System Restore tab and then put a check in the box next to the "Turn off System Restore" option and hit the "OK" button.

- Click "Yes" in the resulting confirmation box. You may experience a slight delay as your change is applied; the Properties window will close automatically when the operation is complete.

6. Double-click on the Killbox to open it.

- Paste the following in the "Full path of file to delete" box: C:\WINDOWS\System32\hjharl.exe

- Click the "Delete on reboot" button.
- Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the next prompt (where you are asked if you want to actually reboot now).

- Paste the following in the "Full path of file to delete" box: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rkra.exe

- Again, Click the "Delete on reboot" button. Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the next prompt.

- Close the Killbox.

7. Run CCleaner to clean up loose ends, and then empty your Recycle Bin.

It's not there. I've had the "Show hidden files", etc. checked in normal mode for a couple of days now.

OK; just wanted to double-check.

My guess is that there is a component of the infection which has hidden from our scans so far that is "respawning" the infection. We may need to try a couple of other scans/fixes, but do the above steps first, post a new HJT log, and we'll take it from there.

I ran HiJack This again, just to make sure..................and it's back. I took a snapshot of some files that were created in my System32 folder around the same time my computer became infected. They look suspicious to me, but I'm not real familiar with what should actually be there and how often the "good" files are accessed or updated.

I will be leaving work in about 40 minutes. Should I just leave my computer on tonight so as to not give the files a chance to 'transform' into another file? Am I compromising our network here at work in any way?

Should I just leave my computer on tonight so as to not give the files a chance to 'transform' into another file?

If possible, yes.

Am I compromising our network here at work in any way?

Possibly; spyware and adware infections do not spread over networks, but viruses/trojans/worms obviously do. However, if your machine is infected by a network-spread infection, chances are very good that you're not the only one (or the first one) who's been hit.
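
The symptom running through this thread, a startup entry that HijackThis fixes and that is back after the next reboot, can be confirmed by comparing logs instead of reading them by eye. The following is an added example, not part of the original posts: it parses the O4 autostart lines of HijackThis logs and reports which fixed entries have reappeared. Apart from the KavSvc line quoted in the thread, the sample log lines and all function names are constructed for illustration.

```python
import re

# O4 lines are HijackThis autostart entries. Two shapes are handled:
#   O4 - HKLM\..\Run: [Name] command line     (registry Run-style keys)
#   O4 - Global Startup: file                 (Startup folder items)
O4_RUN = re.compile(
    r"^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<cmd>.+)$")

def parse_o4(log_text):
    """Return the set of (location, name, command) tuples for all O4 lines."""
    entries = set()
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RUN.match(line) or O4_STARTUP.match(line)
        if m:
            # Startup-folder entries have no [Name] part, so default to "".
            entries.add((m["loc"], m.groupdict().get("name", ""), m["cmd"]))
    return entries

def respawned(fixed_lines, later_log):
    """Entries that were fixed in HijackThis but are present again later."""
    return sorted(parse_o4(fixed_lines) & parse_o4(later_log))

def newly_added(earlier_log, later_log):
    """Autostart entries that exist only in the later log."""
    return sorted(parse_o4(later_log) - parse_o4(earlier_log))

# The line the helper asked to have fixed (taken from the thread).
FIXED = r"O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run"

# Constructed post-reboot log excerpt; only the KavSvc line is from the thread.
AFTER_REBOOT = r"""
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run
O4 - Global Startup: rkra.exe
"""

if __name__ == "__main__":
    for loc, name, cmd in respawned(FIXED, AFTER_REBOOT):
        print(f"respawned: {loc} [{name}] -> {cmd}")
    for loc, name, cmd in newly_added(FIXED, AFTER_REBOOT):
        print(f"not in earlier log: {loc} [{name}] -> {cmd}")
```

An entry that keeps appearing in `respawned` after each fix and reboot means something else on the machine is rewriting it, which matches the helper's guess about a hidden component.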